EP2772021A2 - Network self-protection - Google Patents
Info
- Publication number
- EP2772021A2
- Authority
- EP
- European Patent Office
- Prior art keywords
- network
- aggregation
- flows
- flow
- score
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/12—Avoiding congestion; Recovering from congestion
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/41—Flow control; Congestion control by acting on aggregated flows or links
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/026—Capturing of monitoring data using flow identification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/16—Threshold monitoring
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/20—Arrangements for monitoring or testing data switching networks the monitoring system or the monitored elements being virtualised, abstracted or software-defined entities, e.g. SDN or NFV
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
- H04L47/2441—Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Definitions
- the present invention relates to a network and, more particularly, to a self-protected network.
- NetFuse is, analogously to the fuse boxes in electrical circuits, a self-protection mechanism that seeks to detect and respond to a variety of network problems and protect the necessary network services.
- NetFuse employs a multi-dimensional flow aggregation algorithm that automatically determines an optimal set of clustering criteria and identifies the suspicious flows that are likely to cause network problems under these criteria. Then, NetFuse adaptively regulates the identified flows according to the network feedback. Due to the light-weight sensing capabilities inherent in the OpenFlow technologies, NetFuse is currently implemented in OpenFlow networks as a proxy device between the switches and the controller. This way, NetFuse can not only intercept the control messages and infer the network states, but also offload the excessive processing overhead for the controller, thereby improving scalability of the entire system.
- NetFuse leverages the powerful network sensing capabilities of OpenFlow's unique messaging mechanism. As a standalone product, NetFuse can proactively protect the network infrastructure from hard-to-find problems and prevent failure propagation. This is very important for cloud service providers or data center operators and can rescue the network from disastrous network downtime and service disruption. NetFuse is also a value-added service that can be built over OpenFlow switches and is therefore expected to boost the sales and marketing of OpenFlow devices.
- An objective of the present invention is to detect, or react to, a network problem such as network overload.
- An aspect of the present invention includes a device used in a network, comprising a network monitor to monitor a network state and to collect statistics for flows going through the network, a flow aggregation unit to aggregate flows into clusters and identify flows that can cause a network problem, and an adaptive control unit to adaptively regulate the identified flow according to network feedback.
- Another aspect of the present invention includes a method used in a network, comprising monitoring a network state and collecting statistics for flows going through the network, aggregating flows into clusters and identifying flows that can cause a network problem, and adaptively regulating the identified flow according to network feedback.
- FIG. 1 depicts a system architecture.
- FIG. 2 depicts a flow chart related to the system architecture.
- FIG. 3 depicts example reasonable flow aggregations.
- FIG. 4 depicts a flow diagram that illustrates Procedure 1.2.
- FIG. 5 depicts an example of different flow aggregations.
- FIG. 6 depicts Algorithm 1.
- FIG. 7 depicts preliminary experiment results.
- FIG. 8 depicts FatTree network topology.
- NetFuse comprises three major components: network monitor, flow aggregation, and adaptive control.
- The network monitor continuously monitors the network state and collects statistics for flows going through the network.
- During flow aggregation, NetFuse identifies the suspicious flows that are likely to cause network problems.
- NetFuse adaptively regulates the identified flows according to the network feedback.
- Leveraging the light-weight sensing capabilities inherent in the OpenFlow technologies, NetFuse is currently implemented in OpenFlow networks as a proxy device between the switches and the controller. But NetFuse is not limited to OpenFlow and can be applied to general network systems if monitoring data are available.
- Procedure 1 Flow Aggregation
- This procedure seeks to aggregate flows into clusters and find the cluster that is most likely to be responsible for certain network problems.
- The input of this procedure is flow statistics and the output is clusters of suspicious flows.
- Procedures 1.1 and 1.2 are specific solutions that accomplish this goal.
- Procedure 1.1 Single-Dimensional Aggregation
- $S(P) = (\max(F) - m(F)) / m(F)$, where $m$ is the low median operator.
- $P^* = \max_P S(P)$.
- Fig. 3 is an example set of aggregation rules.
- the algorithm simply chooses one aggregation rule, clusters flows based on this rule, and outputs the set of flows with the highest score or the score exceeding the predetermined threshold values.
- the overloading can be caused by specific applications at specific network regions, corresponding to a combination of multiple aggregation conditions on different flow properties.
- This procedure correlates multiple aggregation rules and identifies the combination of rules that most evidently reveals the network problems.
- this procedure is essentially a breadth-first search algorithm with branch pruning to enumerate the multidimensional flow.
- Procedure 2 Adaptive Control
- Procedure 2.1 is one way to realize this adaptive control.
- When NetFuse applies extra delay to an overloading flow $f$'s RTT (round-trip delay time), NetFuse tests the aggressiveness of $f$'s response. If $f$ reduces its rate, the extra delay will also be reduced, and eventually it will no longer suffer extra delay but enjoy the original data path; otherwise, the extra delay increases and eventually fills the buffer, dropping all packets of $f$. If the target rate of $f$ is $r$, while $f$'s current rate demand (measured at the NetFuse box buffer queue) is $r_f$, the extra delay NetFuse puts on $f$ is: $(r_f - r) \times r_f \times \mathrm{RTT} / r$.
- NetFuse, a mechanism to protect against traffic overload in OpenFlow-based data
- NetFuse is scalable because it uses passively-collected OpenFlow control messages to detect active network flows; it is accurate because it uses multi-dimensional flow aggregation to determine the right criteria to combine network flows that lead to overloading behavior; and it is effective in limiting the damage of surges while not affecting the normal traffic because it uses a toxin-antitoxin-like mechanism to adaptively shape the rate of the flow based on application feedback.
- A prototype of NetFuse was built and evaluated on a real OpenFlow testbed. Our results show that the mechanism is effective in identifying and isolating misbehaving traffic with a small false positive rate (< 9%).
- Modern cloud and data center platforms comprise thousands of servers running complex applications, whose interactions with each other and with the infrastructure are not always known. Although constructed with redundant network topologies [5] and well-engineered protocols [1], these platforms still suffer catastrophic failures and performance degradations when traffic overload occurs. Traffic overload is caused by external factors, such as DDoS attacks, but also by seemingly harmless internal factors, such as small workload changes, simple operator tasks, or routing misconfigurations. For example, Amazon EC2 was down in April 2011 due to a routing misconfiguration that mistakenly rerouted high-volume external traffic into the low-capacity internal network [3].
- OpenFlow is increasingly deployed in data centers to support diverse performance- or reliability-based application requirements.
- Switches are connected to a logically centralized controller and notify it, using control messages, when new flows arrive or expire.
- NetFuse, a mechanism to protect against network overloading with little measurement overhead.
- NetFuse sits between the switches and controller of an OpenFlow network and guards the network against the effects of traffic overload, similarly to how fuse boxes protect electrical circuits from surges.
- NetFuse works in three steps. First, it uses OpenFlow control messages (e.g., PacketIn, FlowMod, FlowRemoved) to detect the set of active network flows. Relying on control traffic, which notifies the controller of network events, such as flow departures and arrivals, eliminates the need for on-demand, expensive monitoring. Second, we employ a multi-dimensional flow aggregation algorithm that automatically determines an optimal set of clustering criteria for the active flows (e.g., based on VLAN, application, path, rate) and identifies suspicious flows for each criterion. Finally, NetFuse limits the effect of these flows by adaptively changing their rate according to application feedback.
- OpenFlow control messages (e.g., PacketIn, FlowMod, FlowRemoved)
- NetFuse can successfully detect network overloading caused by routing misconfigurations or DDoS attacks with small false positive rates (less than 9%).
- the first goal of NetFuse is to identify the flows with suspicious behavior.
- the definition of "suspicious" varies according to different contexts. For example, both excessively frequent DNS queries and extremely high traffic volume represent overloading behavior.
- network operators may need to specify overloading behaviors based on the operational experience and domain knowledge. Because no single flow may be suspicious, NetFuse performs flow aggregation to identify clusters of active flows with overloading behavior.
- Flow aggregation is a combinatorial optimization problem and NP-hard.
- Machine learning based clustering algorithms may be applied, but they require heavy training data and complex computation, making them unsuitable for online problem detection.
- it may not even be necessary to solve this general flow aggregation problem, because an arbitrary flow clustering may not be mapped to a practical overloading reason and thus a practical solution cannot be found.
- Even worse, it is also possible that a group of perfectly legitimate flows are labeled problematic only because they collectively show certain statistical overloading behavior.
- any HTTP request traffic (including the upcoming ones) will be controlled, and the other applications in the network will be protected.
- this list of rules includes both spatial (P1 to P6) and temporal (P7 to P9) flow properties, and we can easily obtain the required information in OpenFlow (more on this in Section 4). However, it by no means covers all possible aggregation conditions and can be customized by the operators based on the domain knowledge.
- Threshold-based aggregation: Some reasonable aggregation rules may be based on a predefined threshold, e.g., P7, P8, and P9. Using P6 from Table 1 as an example, if we want to partition flows by duration $d_f$, we can set a threshold value and aggregate the flows with shorter duration into the "short-lived" aggregation and the other flows into the "long-lived". We find an appropriate threshold by choosing the value that separates the aggregated flows by the largest distances. The distance definition can be determined given the historical measurement statistics during normal (and heavy-load) operations.
- each aggregation is based on a single flow property.
- the overloading can be caused by specific applications at specific network regions, corresponding to a combination of multiple aggregation conditions on different flow properties. For example, if the overloading is caused by concurrent attacks against a database, then the corresponding aggregation may be "start time < 30 seconds" and "dPort = 1433". If we aggregate the flows by either start time or dPort, we cannot identify the right set of flows. Thus, a key problem is how to find the correct rule combination.
- The computational complexity of Algorithm 1 is $O(NK^m)$, where $N$ is the number of active flows, $K$ is the number of pre-determined aggregation rules, and $m$ is the dimension of the optimal aggregation.
- This algorithm can finish in under one second, which is comparable to controller response time and sufficiently responsive for online detection and reaction.
- NetFuse applies this algorithm to find the best reasonable flow aggregation and the corresponding most likely overloading reason. If no aggregation shows the overloading problem clearly, the output of the algorithm may be just the flows without aggregation (this can also be viewed as the finest aggregation). Otherwise, the output of the algorithm may be either single- or multi-dimensional flow aggregation rule(s). NetFuse will classify all flows falling into the aggregation as overloading.
- Once NetFuse finds the suspicious flows, it can control them to mitigate the overloading problems. For each identified overloading flow, NetFuse instructs the associated switches to reroute the flow to the NetFuse box. Rerouting, different from mirroring, frees the network resource originally occupied by the overloading flows. Then, NetFuse can delay or selectively drop packets of the redirected flows in an internal buffer queue such that their flow rates are mandatorily reduced. In Section 4, we discuss how to realize this functionality in an OpenFlow network.
- the identified suspicious flows may not be treated equally. Due to potential false alarms, not all suspicious flows may be misbehaving. Even if abnormal flows are correctly found, different flows may have different impacts on the aggregate overloading behavior. In addition, traffic interdependences may exist within the identified flows or between them and the other normal flows. Therefore, NetFuse can regulate the identified flows differently and adapt the reaction according to the system feedback.
- NetFuse applies the toxin-antitoxin mechanism in its control actions as follows. When it delays an overloading flow $f$, NetFuse tests the aggressiveness of $f$'s response. If $f$ reduces its rate, NetFuse also reduces the aggressiveness of the delay until it no longer delays $f$. Otherwise, NetFuse starts delaying $f$ more aggressively until it eventually fills the buffer, dropping all packets of $f$.
- If the target rate of $f$ is $r$ (e.g., the average rate of other normal flows), and $f$'s current rate demand (measured at the NetFuse box buffer queue) is $r_f$, the extra delay NetFuse puts on $f$ is: $(r_f - r) \times r_f \times \mathrm{RTT} / r$. Assuming the flows employ TCP and thus the flow rate is inversely proportional to RTT, since $r \propto 1/\mathrm{RTT}$, the extra delay on $f$ intends to reduce the flow rate from $r_f$ to $r$.
- Monitoring: NetFuse employs both passive listening and active query to collect necessary network information. As an intermediate relay, NetFuse intercepts all the control messages between the OpenFlow switches and controller, thereby obtaining a global view of the information and statistics of all flows in the network.
- Each switch sends a PacketIn message to the controller every time it receives a data packet that does not match any of its flow table entries.
- the controller replies with a FlowMod message to install a forwarding rule for the packet and the subsequent packets in the same flow.
- Both PacketIn and FlowMod messages encode key flow information: identifier (e.g., source IP and port, destination IP and port), routing configuration (VLAN tag, ingress interface, egress interface), and the flow start time.
- the switch sends to the controller a FlowRemoved message, which includes the expired flow's duration and volume. All these control messages are embedded in the normal operation of OpenFlow networks and thus can be efficiently utilized by NetFuse with little additional overhead.
- NetFuse can also use the OpenFlow ReadState messages to periodically query the switches for network resource utilization and fine-grained flow information.
- the network utilization information includes the interface load and queue size.
- NetFuse also actively queries fine-grained information about the long-lived elephant flows, in particular the dynamic flow rates between the flow start time and the expire time. Inevitably, these active queries introduce overhead to the data path. To mitigate this problem, NetFuse sets the query frequency to be in proportion to the current network load. In addition, NetFuse conducts more active queries only for suspected flows and in suspected network regions.
- NetFuse applies the flow aggregation algorithm to identify the flows with overloading behavior.
- all the flow reports from the switches are relayed to the controller.
- NetFuse filters and prioritizes the flow reports to offload to the controller.
- the control commands from the controller also go through NetFuse before getting installed in switches.
- NetFuse performs adaptive control on the identified flows by modifying or issuing new flow control rules to the switches. In cases where the deep packet inspection is required or when extra delays need to be injected into certain flows (as described in Section 3.1), the identified flows are redirected to the NetFuse boxes for further processing.
- the NetFuse boxes work as transparent devices between the controller and switches. From the perspective of switches, these devices act as the controller and issue actual commands to the switches to perform certain tasks. From the perspective of the controller, they are the network. Additionally, the NetFuse proxies also relieve the controller from heavy tasks such as flow redirection, delay injection, and packet blocking, thereby improving the scalability of the entire system.
- NetFuse applies the flow aggregation algorithm to the monitored flows at each time slot.
- NetFuse identifies the overloading flows based on the best flow aggregation rules.
- Recent work proposes a framework to detect large traffic aggregates on commodity switches. Their system relies on actively reading state from switches and adapts monitoring rules to measure the flows that are likely heavy hitters.
- NetFuse relies mostly on passive control traffic and uses active querying only when control traffic is insufficient. In addition, NetFuse attempts to limit the effects of surges. NetFuse may rely largely on passive measurements.
- the current NetFuse design assumes a reactive OpenFlow network.
- NetFuse boxes will be deployed at a few vantage points instead of ubiquitously in the network. We will have a full treatment of these issues in our future work.
- NetFuse to protect against network overloading problems in OpenFlow data center networks.
- NetFuse uses (1) passively-collected OpenFlow control traffic to identify active network flows, (2) multi-dimensional flow aggregation to find the flow clusters that are suspicious, and (3) a toxin-antitoxin mechanism to adaptively limit the rate of suspicious flows without severely affecting the false positives.
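
The score from Procedure 1.1 and the rule-combination search described for Procedure 1.2 can be sketched as follows. This is an added example, not code from the patent or from NetFuse. It assumes that F is the list of per-cluster byte totals under a rule, that a combination is expanded only when it scores strictly higher than the combination it was derived from (one possible pruning test), and that the flow fields and sample flows are constructed for illustration.

```python
from collections import defaultdict
from statistics import median_low


def _flow(vlan, dport, start_s, nbytes):
    # Hypothetical flow record; field names are assumptions for this example.
    return {"vlan": vlan, "dport": dport, "start_s": start_s, "bytes": nbytes}


# Constructed sample flows (not real traffic): balanced background load on
# ports 80/443/1433 plus six recent flows against dPort 1433.
FLOWS = [
    _flow(10, 80, 300, 500), _flow(20, 80, 400, 500),
    _flow(10, 80, 10, 100), _flow(20, 80, 20, 100),
    _flow(10, 443, 350, 500), _flow(20, 443, 500, 500),
    _flow(10, 443, 5, 100), _flow(20, 443, 15, 100),
    _flow(10, 1433, 600, 100), _flow(20, 1433, 700, 100),
] + [_flow(10 if i % 2 else 20, 1433, i, 250) for i in range(1, 7)]

# Aggregation rules: each maps a flow to a cluster key. The last one is a
# threshold-based rule mirroring the page's "start time < 30 seconds".
RULES = {
    "vlan": lambda f: f["vlan"],
    "dport": lambda f: f["dport"],
    "start<30s": lambda f: f["start_s"] < 30,
}


def cluster(flows, combo):
    """Group flows by the tuple of keys produced by every rule in combo."""
    groups = defaultdict(list)
    for f in flows:
        groups[tuple(RULES[name](f) for name in combo)].append(f)
    return groups


def score(groups):
    """S(P) = (max(F) - m(F)) / m(F), with m the low median of F."""
    totals = [sum(f["bytes"] for f in g) for g in groups.values()]
    m = median_low(totals)
    if m == 0:  # avoid division by zero when half the clusters are empty
        return float("inf") if max(totals) > 0 else 0.0
    return (max(totals) - m) / m


def best_aggregation(flows, max_dim=3):
    """Breadth-first search over rule combinations with branch pruning."""
    best = ((), 0.0)
    frontier = [((), 0.0)]  # root: no rule applied, score 0
    seen = set()
    for _ in range(max_dim):
        next_frontier = []
        for combo, parent_score in frontier:
            for name in RULES:
                if name in combo:
                    continue
                child = tuple(sorted(combo + (name,)))
                if child in seen:
                    continue
                seen.add(child)
                s = score(cluster(flows, child))
                if s <= parent_score:
                    continue  # prune: the extra rule did not sharpen the outlier
                next_frontier.append((child, s))
                if s > best[1]:
                    best = (child, s)
        frontier = next_frontier
    return best


def suspicious_flows(flows, combo):
    """Return the key and members of the heaviest cluster under combo."""
    groups = cluster(flows, combo)
    key = max(groups, key=lambda k: sum(f["bytes"] for f in groups[k]))
    return key, groups[key]


if __name__ == "__main__":
    for name in RULES:
        print(name, round(score(cluster(FLOWS, (name,))), 3))
    combo, s = best_aggregation(FLOWS)
    key, flows = suspicious_flows(FLOWS, combo)
    print("best rule combination:", combo, "score:", s)
    print("suspicious cluster:", key, "flows:", len(flows))
```

On this data no single rule isolates the surge (dPort totals are nearly balanced and the recent-flow cluster is lighter than the old one), while the combination of dPort and start time singles out exactly the six constructed flows.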
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201261585337P | 2012-01-11 | 2012-01-11 | |
US13/736,146 US8976661B2 (en) | 2012-01-11 | 2013-01-08 | Network self-protection |
PCT/US2013/020765 WO2013106386A2 (en) | 2012-01-11 | 2013-01-09 | Network self-protection |
Publications (3)
Publication Number | Publication Date |
---|---|
EP2772021A2 (en) | 2014-09-03 |
EP2772021A4 (en) | 2015-07-22 |
EP2772021B1 (en) | 2016-09-07 |
Family
ID=48743853
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP13735761.2A Not-in-force EP2772021B1 (en) | 2012-01-11 | 2013-01-09 | Network self-protection |
Country Status (5)
Country | Link |
---|---|
US (1) | US8976661B2 (en) |
EP (1) | EP2772021B1 (en) |
JP (1) | JP5815891B2 (en) |
IN (1) | IN2014CN02822A (en) |
WO (1) | WO2013106386A2 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2016177404A1 (en) * | 2015-05-05 | 2016-11-10 | Telefonaktiebolaget Lm Ericsson (Publ) | Reducing traffic overload in software defined network |
Families Citing this family (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2904867B1 (en) | 2012-10-05 | 2019-05-22 | Sierra Wireless, Inc. | Method and system for radio resource allocation |
EP2904864B1 (en) * | 2012-10-05 | 2019-09-18 | Sierra Wireless, Inc. | Method and system for uplink radio resource allocation in an lte communication system |
EP2850791B1 (en) * | 2012-10-05 | 2017-11-15 | Nec Corporation | Network management |
US9391897B2 (en) * | 2013-07-31 | 2016-07-12 | Oracle International Corporation | Methods, systems, and computer readable media for mitigating traffic storms |
CN103491095B (en) * | 2013-09-25 | 2016-07-13 | 中国联合网络通信集团有限公司 | Flow cleaning framework, device and flow lead, flow re-injection method |
US9736064B2 (en) * | 2013-12-17 | 2017-08-15 | Nec Corporation | Offline queries in software defined networks |
JP6035264B2 (en) * | 2014-02-17 | 2016-11-30 | 日本電信電話株式会社 | Ring network partitioning optimization apparatus, method and program |
CN105474602B (en) * | 2014-06-17 | 2019-02-05 | 华为技术有限公司 | The method, apparatus and equipment of attack stream are identified in software defined network |
US20160050132A1 (en) * | 2014-08-18 | 2016-02-18 | Telefonaktiebolaget L M Ericsson (Publ) | Method and system to dynamically collect statistics of traffic flows in a software-defined networking (sdn) system |
CN105591780B (en) * | 2014-10-24 | 2019-01-29 | 新华三技术有限公司 | Cluster monitoring method and equipment |
CN106034057B (en) * | 2015-03-18 | 2019-10-25 | 北京启明星辰信息安全技术有限公司 | A kind of series connection safety equipment failure system and method |
PL412663A1 (en) | 2015-06-11 | 2016-12-19 | Akademia Górniczo-Hutnicza im. Stanisława Staszica w Krakowie | Method for aggregation of flows in teleinformation networks |
KR102560594B1 (en) * | 2016-05-03 | 2023-07-27 | 삼성전자주식회사 | Apparatus and method for transmitting packets in wireless communication system |
US10929765B2 (en) * | 2016-12-15 | 2021-02-23 | Nec Corporation | Content-level anomaly detection for heterogeneous logs |
CN107147627A (en) * | 2017-04-25 | 2017-09-08 | 广东青年职业学院 | A kind of network safety protection method and system based on big data platform |
CN109120494B (en) * | 2018-08-28 | 2019-08-30 | 无锡华云数据技术服务有限公司 | The method of physical machine is accessed in cloud computing system |
EP3748562A1 (en) * | 2019-05-08 | 2020-12-09 | EXFO Solutions SAS | Timeline visualization & investigation systems and methods for time lasting events |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7702806B2 (en) * | 2000-09-07 | 2010-04-20 | Riverbed Technology, Inc. | Statistics collection for network traffic |
US7185368B2 (en) * | 2000-11-30 | 2007-02-27 | Lancope, Inc. | Flow-based detection of network intrusions |
US7417951B2 (en) * | 2003-12-17 | 2008-08-26 | Electronics And Telecommunications Research Institute | Apparatus and method for limiting bandwidths of burst aggregate flows |
US20060075093A1 (en) * | 2004-10-05 | 2006-04-06 | Enterasys Networks, Inc. | Using flow metric events to control network operation |
JP4222567B2 (en) * | 2005-05-13 | 2009-02-12 | 日本電信電話株式会社 | Congestion control method and congestion control apparatus |
US8130767B2 (en) * | 2005-06-17 | 2012-03-06 | Cisco Technology, Inc. | Method and apparatus for aggregating network traffic flows |
EP1999890B1 (en) * | 2006-03-22 | 2017-08-30 | Ciena Luxembourg S.a.r.l. | Automated network congestion and trouble locator and corrector |
JP4469866B2 (en) * | 2007-03-20 | 2010-06-02 | 富士通株式会社 | Packet transmission device and semiconductor device |
US8804503B2 (en) * | 2007-06-29 | 2014-08-12 | Broadcom Corporation | Flow regulation switch |
US8374102B2 (en) * | 2007-10-02 | 2013-02-12 | Tellabs Communications Canada, Ltd. | Intelligent collection and management of flow statistics |
JP5408243B2 (en) * | 2009-03-09 | 2014-02-05 | 日本電気株式会社 | OpenFlow communication system and OpenFlow communication method |
EP2254286B1 (en) * | 2009-05-20 | 2013-03-20 | Accenture Global Services Limited | Network real time monitoring and control method, system and computer program product |
KR101422381B1 (en) * | 2010-04-19 | 2014-07-22 | 닛본 덴끼 가부시끼가이샤 | Switch and flow table controlling method |
WO2012081145A1 (en) * | 2010-12-13 | 2012-06-21 | Nec Corporation | Communication path control system, path control device, communication path control method, and path control program |
US9392010B2 (en) * | 2011-11-07 | 2016-07-12 | Netflow Logic Corporation | Streaming method and system for processing network metadata |
2013
- 2013-01-08 US US13/736,146 patent/US8976661B2/en not_active Expired - Fee Related
- 2013-01-09 EP EP13735761.2A patent/EP2772021B1/en not_active Not-in-force
- 2013-01-09 JP JP2014549007A patent/JP5815891B2/en not_active Expired - Fee Related
- 2013-01-09 WO PCT/US2013/020765 patent/WO2013106386A2/en active Application Filing
- 2013-01-09 IN IN2822CHN2014 patent/IN2014CN02822A/en unknown
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2016177404A1 (en) * | 2015-05-05 | 2016-11-10 | Telefonaktiebolaget Lm Ericsson (Publ) | Reducing traffic overload in software defined network |
US10986018B2 (en) | 2015-05-05 | 2021-04-20 | Telefonaktiebolaget Lm Ericsson (Publ) | Reducing traffic overload in software defined network |
Also Published As
Publication number | Publication date |
---|---|
US20130176852A1 (en) | 2013-07-11 |
EP2772021A4 (en) | 2015-07-22 |
WO2013106386A3 (en) | 2013-09-06 |
IN2014CN02822A (en) | 2015-07-03 |
JP2015501119A (en) | 2015-01-08 |
JP5815891B2 (en) | 2015-11-17 |
US8976661B2 (en) | 2015-03-10 |
EP2772021B1 (en) | 2016-09-07 |
WO2013106386A2 (en) | 2013-07-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2772021B1 (en) | Network self-protection | |
Wang et al. | Netfuse: Short-circuiting traffic surges in the cloud | |
Swami et al. | Software-defined networking-based DDoS defense mechanisms | |
Wang et al. | SGS: Safe-guard scheme for protecting control plane against DDoS attacks in software-defined networking | |
Zhang et al. | Load balancing in data center networks: A survey | |
Moshref et al. | Trumpet: Timely and precise triggers in data centers | |
Shang et al. | FloodDefender: Protecting data and control plane resources under SDN-aimed DoS attacks | |
Imran et al. | Toward an optimal solution against denial of service attacks in software defined networks | |
Gholami et al. | Congestion control in software defined data center networks through flow rerouting | |
Govindarajan et al. | A literature review on software-defined networking (SDN) research topics, challenges and solutions | |
Wang et al. | BWManager: Mitigating denial of service attacks in software-defined networks through bandwidth prediction | |
Qian et al. | Openflow flow table overflow attacks and countermeasures | |
Chaudhary et al. | LOADS: Load optimization and anomaly detection scheme for software-defined networks | |
Varga et al. | Real-time security services for SDN-based datacenters | |
Dridi et al. | A holistic approach to mitigating DoS attacks in SDN networks | |
Ubale et al. | SRL: An TCP SYNFLOOD DDoS mitigation approach in software-defined networks | |
Nagarathna et al. | SLAMHHA: A supervised learning approach to mitigate host location hijacking attack on SDN controllers | |
Poddar et al. | Haven: Holistic load balancing and auto scaling in the cloud | |
US9515934B2 (en) | Determining a load distribution for data units at a packet inspection device | |
Jiang et al. | BSD‐Guard: A Collaborative Blockchain‐Based Approach for Detection and Mitigation of SDN‐Targeted DDoS Attacks | |
Wang et al. | Proactive mitigation to table-overflow in software-defined networking | |
Karnani et al. | A comprehensive survey on low-rate and high-rate DDoS defense approaches in SDN: taxonomy, research challenges, and opportunities | |
Krishnan et al. | CloudSDN: enabling SDN framework for security and threat analytics in cloud networks | |
Tran et al. | ODL-ANTIFLOOD: A comprehensive solution for securing OpenDayLight controller | |
SA et al. | In-network probabilistic monitoring primitives under the influence of adversarial network inputs |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
| | 17P | Request for examination filed | Effective date: 20140506 |
| | AK | Designated contracting states | Kind code of ref document: A2 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
| | DAX | Request for extension of the european patent (deleted) | |
| | A4 | Supplementary search report drawn up and despatched | Effective date: 20150624 |
| | RIC1 | Information provided on ipc code assigned before grant | Ipc: H04L 12/26 20060101AFI20150618BHEP Ipc: H04L 12/801 20130101ALI20150618BHEP Ipc: H04L 12/891 20130101ALI20150618BHEP Ipc: H04L 12/851 20130101ALI20150618BHEP Ipc: H04L 29/06 20060101ALI20150618BHEP |
| | GRAP | Despatch of communication of intention to grant a patent | Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
| | INTG | Intention to grant announced | Effective date: 20160314 |
| | RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: NEC CORPORATION |
| | GRAS | Grant fee paid | Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
| | GRAA | (expected) grant | Free format text: ORIGINAL CODE: 0009210 |
| | AK | Designated contracting states | Kind code of ref document: B1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
| | REG | Reference to a national code | Ref country code: GB Ref legal event code: FG4D |
| | REG | Reference to a national code | Ref country code: CH Ref legal event code: EP |
| | REG | Reference to a national code | Ref country code: IE Ref legal event code: FG4D |
| | REG | Reference to a national code | Ref country code: AT Ref legal event code: REF Ref document number: 827696 Country of ref document: AT Kind code of ref document: T Effective date: 20161015 |
| | REG | Reference to a national code | Ref country code: DE Ref legal event code: R096 Ref document number: 602013011131 Country of ref document: DE |
| | REG | Reference to a national code | Ref country code: LT Ref legal event code: MG4D |
| | REG | Reference to a national code | Ref country code: NL Ref legal event code: MP Effective date: 20160907 |
| | PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: RS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160907 Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160907 Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20161207 Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160907 Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160907 |
| | REG | Reference to a national code | Ref country code: FR Ref legal event code: PLFP Year of fee payment: 5 |
| | REG | Reference to a national code | Ref country code: AT Ref legal event code: MK05 Ref document number: 827696 Country of ref document: AT Kind code of ref document: T Effective date: 20160907 |
| | PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20161208 Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160907 Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160907 Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160907 Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160907 |
| | PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160907 Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160907 |
| | PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160907 Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170109 Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170107 Ref country code: BE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160907 Ref country code: SM Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160907 Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160907 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160907 Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20161207 Ref country code: AT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160907 |
| | REG | Reference to a national code | Ref country code: DE Ref legal event code: R097 Ref document number: 602013011131 Country of ref document: DE |
| | PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160907 |
| | PLBE | No opposition filed within time limit | Free format text: ORIGINAL CODE: 0009261 |
| | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
| | PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160907 |
| | 26N | No opposition filed | Effective date: 20170608 |
| | PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160907 |
| | REG | Reference to a national code | Ref country code: CH Ref legal event code: PL |
| | PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160907 |
| | PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: CH Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170131 Ref country code: LI Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170131 |
| | REG | Reference to a national code | Ref country code: IE Ref legal event code: MM4A |
| | PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170109 |
| | REG | Reference to a national code | Ref country code: FR Ref legal event code: PLFP Year of fee payment: 6 |
| | PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170109 |
| | PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: MT Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170109 |
| | PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: AL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160907 |
| | PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO Effective date: 20130109 |
| | PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: CY Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20160907 |
| | PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: MK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160907 |
| | PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: TR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160907 |
| | REG | Reference to a national code | Ref country code: DE Ref legal event code: R079 Ref document number: 602013011131 Country of ref document: DE Free format text: PREVIOUS MAIN CLASS: H04L0012260000 Ipc: H04L0043000000 |
| | PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: GB Payment date: 20220119 Year of fee payment: 10 Ref country code: DE Payment date: 20220119 Year of fee payment: 10 |
| | PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: FR Payment date: 20220119 Year of fee payment: 10 |
| | REG | Reference to a national code | Ref country code: DE Ref legal event code: R119 Ref document number: 602013011131 Country of ref document: DE |
| | GBPC | Gb: european patent ceased through non-payment of renewal fee | Effective date: 20230109 |
| | PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: GB Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20230109 Ref country code: DE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20230801 |
| | PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: FR Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20230131 |